Authors: Mark Spivey, Spivey D. Spivey
ISBN-13: 9780849370571, ISBN-10: 0849370574
Format: Hardcover
Publisher: Taylor & Francis, Inc.
Date Published: July 2006
Edition: 1ST
Book Synopsis
Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws.
Written in a lab manual style, the book begins with the installation of the VMware® Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks.
Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures
By understanding how an attack occurs, the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.
Table of Contents
Preparation 1
Installing VMware Workstation 3
Configuring Virtual Machines 10
Installing a Virtual Windows 2000 Workstation 11
Installing VMware Tools for Windows 2000 Virtual Machines 29
Installing a Red Hat Version 8 Virtual Machine 35
Installing VMware Tools for Red Hat Virtual Machines 55
What Is on the CD? 60
Restrict Anonymous 60
To Restrict Anonymous 60
In Windows NT 60
For Windows XP, 2003 60
For Windows 2000 61
What Is the Difference? 61
Banner Identification 63
Banner Identification 65
Banner Identification 67
Banner Identification 73
Operating System Identification: Detect Operating System of Target: Xprobe2 75
Banner Identification 79
Banner Identification 84
Personal Social Engineering: Social Engineering Techniques: Dumpster Diving/Personnel 86
Target Enumeration 87
Establish a NULL Session: Establish a NULL Session: NULL Session 89
Enumerate Target MAC Address: Enumerate MAC Address and Total NICs: GETMAC 90
Enumerate SID from User ID: Enumerate the SID from the Username: USER2SID 91
Enumerate User ID from SID: Enumerate the Username from the Known SID: SID2USER 93
Enumerate User Information: Enumerate User Information from Target: USERDUMP 96
Enumerate User Information: Exploit Data from Target Computer: USERINFO 97
Enumerate User Information: Exploit User Information from Target: DUMPSEC 98
Host/Domain Enumeration: Enumerate Hosts and Domains of LAN: Net Commands 102
Target Connectivity/Route: Detect Target Connectivity: PingG 105
Target Connectivity/Route: Connectivity/Routing Test: Pathping 107
Operating System Identification: Identify Target Operating System: Nmap/nmapFE 109
Operating System Identification: Identify Target Operating System: NmapNT 117
IP/Hostname Enumeration: Enumerate IP or Hostname: Nslookup 123
IP/Hostname Enumeration: Enumerate IP or Hostname: Nmblookup 124
RPC Reporting: Report the RPC of Target: Rpcinfo 125
Location/Registrant Identification: Gather Registration Info/Trace Visual Route: Visual Route 126
Registrant Identification: Gather IP or Hostname: Sam Spade 128
Operating System Identification: Gather OS Runtime and Registered IPs: Netcraft 131
Operating System Identification: Scan Open Ports of Target: Sprint 133
Default Shares: Disable Default Shares: Windows Operating System 135
Host Enumeration: Scan Open Ports of Target: WinFingerprint 139
Scanning 145
Target Scan/Share Enumeration: Scan Open Ports of Target: Angry IP 147
Target Scan/Penetration: Scan Open Ports/Penetration Testing: LANguard 151
Target Scan through Firewall: Scan Open Ports of Target: Fscan 153
Passive Network Discovery: Passively Identify Target Information on the LAN: Passifist 154
Network Discovery: Identify Target Information: LanSpy 158
Open Ports/Services: Scan Open Ports/Services of Target: Netcat 161
Port Scan/Service Identification: Scan Open Ports of Target: SuperScan 163
Port Scanner: Identify Ports Open: Strobe 166
Anonymous FTP Locator: Locate Anonymous FTP Servers: FTPScanner 169
CGI Vulnerability Scanner: Identify CGI Vulnerabilities: TCS CGI Scanner 171
Shared Resources Locator: Identify Open Shared Resources: Hydra 178
Locate Wingate Proxy Servers: Locate Wingate Proxy Servers: WGateScan/ADM Gates 187
Sniffing Traffic 193
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ethereal 195
To Install Ethereal on a Red Hat Linux Computer 196
To Install Ethereal on Microsoft Windows 206
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ngrep 213
For Linux 213
For Windows 219
Packet Capture - Sniffer: Exploit Data from Network Traffic: TcpDump 223
Packet Capture - Sniffer: Exploit Data from Network Traffic: WinDump 230
Packet Capture - Sniffer: Monitor IP Network Traffic Flow: IPDump2 234
For Linux 234
For Windows 237
Password Capture - Sniffer: Exploit Passwords and Sniff the Network: ZxSniffer 240
Exploit Data from Target Computer - Sniffit 249
Spoofing 261
Spoofing IP Addresses: Send Packets via False IP Address: RafaleX 263
Spoofing MAC Addresses: Send Packets via a False MAC Address: SMAC 268
Spoofing MAC Addresses: Send Packets: via a False MAC Address: Linux 277
Packet Injection/Capture/Trace: Send Packets via a False IP/MAC Address: Packit 284
Spoof MAC Address: Altering the MAC Address: VMware Workstation 295
Brute Force 299
Brute-Force FTP Server: Crack an FTP Password: NETWOX/NETWAG 301
Retrieve Password Hashes: Extract Password Hashes: FGDump 309
Crack Password Hashes: Crack and Capture Password Hashes: LC5 313
Overwrite Administrator Password: Change the Administrator Password: CHNTPW 325
Brute-Force Passwords: Brute-Force Passwords for a Hashed File: John the Ripper 337
Brute-Force FTP Password: Brute-Force an FTP Password Connection: BruteFTP 346
Brute-Force Terminal Server: Brute-Force Terminal Server Passwords: TSGrinder II 354
Vulnerability Scanning 357
Vulnerability Scanner: Perform Vulnerability Assessment: SAINT 359
SNMP Walk: Exploit Data via SNMP Walk: NETWOX/NETWAG 379
Brute-Force Community Strings: Exploit the SNMP Community Strings: Solar Winds 386
Target Assessment: Assessment of Target Security: Retina 392
Target Assessment: Assessment of Target Security: X-Scan 397
Vulnerability Scanner: Perform Vulnerability Assessment: SARA 402
Web Server Target Assessment: Assessment of Web Server Security: N-Stealth 414
Vulnerability Scanner: Exploit Data from Target Computer: Pluto 421
Vulnerability Assessment: Perform Vulnerability Assessment: Metasploit 429
On Windows 429
On Linux 441
Web Server Target Assessment: Assessment of Web Server Security: Nikto 451
Vulnerability Scanner: Assessment of Target Security: Shadow Scanner 455
Internet Vulnerability Scanner: Assessment of Target Security: Cerberus 468
WHAX - Auto Exploit Reverse Shell: Automatically Exploit the Target: AutoScan 474
Unique Fake Lock Screen XP: Grab the Administrator Password: Fake Lock Screen XP 491
Bypassing Microsoft Serial Numbers: Bypassing Serial Number Protection: RockXP/Custom Script 499
Vulnerability Exploit: Assessment of Target Security: Web Hack Control Center 507
Wireless 511
Locate Unsecured Wireless: Locate Unsecured Wireless: NetStumbler/Mini-Stumbler 513
Trojan: Unauthorized Access and Control: Back Orifice 519
On the Target Computer 519
On the Attacker's Computer 528
Trojan: Unauthorized Access and Control: NetBus 534
On the Target (Server) 534
On the Attacker's Computer 540
ICMP Tunnel Backdoor: Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky 545
On the Target (Server) 545
On the Attacker's Machine 548
Hiding Tools on the Target: Hiding Files on the Target: CP 553
Scenario: Hiding Netcat inside the Calculator Application 553
To Verify 555
Capturing Switched Network Traffic: Intercept/Exploit Traffic: Ettercap 556
Password Capture: Capture Passwords Traversing the Network: Dsniff 573
Data Manipulation: Manipulate the Live Data Stream: Achilles 574
Covert Reverse Telnet Session: Create a Reverse Telnet Session: Netcat 588
Covert Channel - Reverse Shell: Exploit Data from Target Computer: Reverse Shell 596
Redirection 603
PortMapper: Traffic Redirection: PortMapper 605
Executing Applications - Elitewrap: Executing Hidden Applications: Elitewrap 618
TCP Relay - Bypass Firewalls: Traffic Redirection: Fpipe 627
Remote Execution: Remote Execution on Target: PsExec 633
TCP Relay - Bypass Firewalls: Traffic Redirection: NETWOX/NETWAG 638
Denial-of-Service (DoS) 643
Denial-of-Service - Land Attack: DoS Land Attack: Land Attack 645
Denial-of-Service - Smurf Attack: DoS Smurf Attack: Smurf Attack 650
Denial-of-Service - SYN Attack: DoS Land Attack: SYN Attack 655
Denial-of-Service - UDP Flood: DoS UDP Flood Attack: UDP Flood Attack 660
Denial-of-Service - Trash2.c: Create Denial-of-Service Traffic: Trash2.c 665
References 671
Tool Syntax 675
Index 725